
Error 800

Jun 29 at 9:02 AM

Thanks for the great component, but I have some problems configuring this on Windows Server 2016 ADFS.
I implemented a custom SMS module based on the sample, and that works great on Windows Server 2012 R2, but on the 2016 ADFS I keep getting Event ID 800:
Error when sending identification request !
username@domain :
SECURTY ERROR : Invalid Key for User username@domain
at Neos.IdentityServer.MultiFactor.AuthenticationProvider.CheckUserProps(AuthenticationContext usercontext)
at Neos.IdentityServer.MultiFactor.AuthenticationProvider.internalSendNotification(AuthenticationContext usercontext, ResourcesLocale Resources, MFAConfig cfg)

I hope someone can point me in the right direction.

Jul 1 at 11:45 AM
Edited Jul 3 at 6:12 PM

It seems to be a security key violation error.
Some questions:
  • Are your ADFS farms (2012 R2 and 2016) working with the same Active Directory or SQL database for storing user metadata (email, phone, secret key)?
  • On ADFS 2016, after farm initialization (without upgrade, it seems), have you set all the properties in the configuration? By default in 2016, the format of the security key is set to RSA (RSA encryption with a certificate and user identity, so the keys are specific to each user); in the previous version this format is RNG (Random Number Generation).
    To troubleshoot, can you execute some commands on each platform (2012 R2 and 2016)?

$k = Get-MFAConfigKeys
To change the key format:
 get-help Set-MFAConfigKeys -examples
Set the same values as in your ADFS 2012 R2 configuration.

MFAConfig keys must be the same if you are sharing metadata storage between your two farms.
The error is not specific to SMS, you must have the same problem with email or OTP code.

Can you provide us this information (anonymized)?

Thank you for your feedback
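The check the answer above asks for (dump the key configuration on each farm and confirm the two are identical) can be scripted. The following is an added example for this thread, not code from the original poster or from the adfsmfa project. It assumes only that Get-MFAConfigKeys, as used above, returns a single object whose properties can be enumerated through PSObject.Properties; the C:\Temp folder, the file names and the Compare-MFAConfigKeys function name are arbitrary choices made for the example. Review the dump before posting it anywhere, since it describes the key material configuration of your farm.

```powershell
# Added example (not part of the original thread or the adfsmfa project):
# export the MFA key configuration on each ADFS farm, then diff the exports.
#
# Assumptions: Get-MFAConfigKeys returns one object whose properties can be
# enumerated via PSObject.Properties; paths/file names below are arbitrary.

# --- Step 1: run on one ADFS server of EACH farm (2012 R2 and 2016) ----------
$k = Get-MFAConfigKeys
$k | Export-Clixml -Path "C:\Temp\MFAConfigKeys-$env:COMPUTERNAME.xml"

# --- Step 2: copy both exports to one machine and compare them property by
#             property. Any row with Match = False is a setting that differs
#             between the farms; the answer above says these must be identical
#             when the two farms share the same metadata store.
function Compare-MFAConfigKeys {
    param(
        [Parameter(Mandatory)] [string] $ReferencePath,    # e.g. the 2012 R2 export
        [Parameter(Mandatory)] [string] $DifferencePath    # e.g. the 2016 export
    )
    $ref = Import-Clixml -Path $ReferencePath
    $dif = Import-Clixml -Path $DifferencePath

    foreach ($name in $ref.PSObject.Properties.Name) {
        # Compare the string form so nested/complex values are still comparable
        $r = "$($ref.$name)"
        $d = "$($dif.$name)"
        [pscustomobject]@{
            Property   = $name
            Reference  = $r
            Difference = $d
            Match      = ($r -eq $d)
        }
    }
}

# Example usage (file names assumed):
Compare-MFAConfigKeys -ReferencePath 'C:\Temp\MFAConfigKeys-ADFS2012R2.xml' `
                      -DifferencePath 'C:\Temp\MFAConfigKeys-ADFS2016.xml' |
    Where-Object { -not $_.Match } |
    Format-Table -AutoSize
```

If the comparison lists any non-matching property, bring the 2016 farm in line with the 2012 R2 values using Set-MFAConfigKeys (see the get-help examples above) before testing SMS, email or OTP again; the same mismatch will affect all three methods, not just SMS.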


3 June 2017
New version with bug correction inside Register-MFAsystem
Marked as answer by redhook on 8/23/2017 at 1:37 AM